ansible指路篇-安装及基本命令使用

                                            作者:尹正杰

版权声明:原创作品,谢绝转载!否则将追究法律责任。

一.什么是ansible

  ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
 ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:

   >.连接插件connection plugins:负责和被监控端实现通信;

   >.host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;

   >.各种模块核心模块、command模块、自定义模块;

   >.借助于插件完成记录日志邮件等功能;

   >.playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
 
二.准备环境
  我们本次试验需要4台主机,1台web服务器,2台数据库服务器,1台发送指令的服务器。并且需要配置好域名。其对应关系如下:
主机名称 对应IP 部署服务
node1.yinzhengjie.com 192.168.105/24 http
node2.yinzhengjie.com 192.168.1.110/24 nginx,mysql
node3.yinzhengjie.com 192.168.1.115/24 mysql
node4.yinzhengjie.com 192.168.1.200/24 ansible 
 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]# more /etc/hosts | grep yinzhengjie

 192.168.1.105   node1.yinzhengjie.com

 192.168.1.110   node2.yinzhengjie.com

 192.168.1.115   node3.yinzhengjie.com

 192.168.1.200   node4.yinzhengjie.com

 [root@yinzhengjie ~]#
三.安装ansible
1.下载安装包(RPM包搜索站点:https://pkgs.org/
 [root@yinzhengjie ~]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64//ansible-2.3.2.0-1.el6.noarch.rpm

 [root@yinzhengjie ~]# rpm -qpi ansible-2.3.2.0-.el6.noarch.rpm
2.yum安装即可(它可以自动解决依赖关系)
  [root@yinzhengjie ~]# yum -y install ansible-2.3.2.0-.el6.noarch.rpm 
3.查看安装完毕后生产了哪些文件
 [root@yinzhengjie ~]#  rpm -qal ansible |wc -l

                         ------------->由于文件行数过多,此处我就不列出了

 [root@yinzhengjie ~]#
4.修改配置文件
 [root@yinzhengjie ~]# cd /etc/ansible/

 [root@yinzhengjie ansible]# more hosts |tail -

 #Add by yinzhengjie

 [webservers]

 node1.yinzhengjie.com

 node2.yinzhengjie.com

 [dbservers]

 node2.yinzhengjie.com

 node3.yinzhengjie.com

 [root@yinzhengjie ansible]#
 
5.配置无秘钥登录证书
a>..生成证书
 [root@yinzhengjie ~]# cd

 [root@yinzhengjie ~]# ssh-keygen -t rsa -P ''

 Generating public/private rsa key pair.

 Enter file in which to save the key (/root/.ssh/id_rsa):

 /root/.ssh/id_rsa already exists.

 Overwrite (y/n)? y

 Your identification has been saved in /root/.ssh/id_rsa.

 Your public key has been saved in /root/.ssh/id_rsa.pub.

 The key fingerprint is:

 ::9e:::6b::::7a:7e::c8::af: root@yinzhengjie

 The key's randomart image is:

 +--[ RSA ]----+

 |      .o+oo.=+  .|

 |       +o. +. oo.|

 |      ..o....E.o.|

 |       oo. .o.o  |

 |      . S. . o   |

 |          .      |

 |                 |

 |                 |

 |                 |

 +-----------------+

 [root@yinzhengjie ~]#
b>.将公钥拷贝到其他的服务器上去
 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node1.yinzhengjie.com

 The authenticity of host 'node1.yinzhengjie.com (192.168.1.105)' can't be established.

 RSA key fingerprint is ::2b:::::::c1:be:e3:ba:::.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node1.yinzhengjie.com' (RSA) to the list of known hosts.

 root@node1.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node1.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node2.yinzhengjie.com

 The authenticity of host 'node2.yinzhengjie.com (192.168.1.110)' can't be established.

 RSA key fingerprint is ::0a:6e::e9:::e5:c8:3f:b3:1d:::8e.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node2.yinzhengjie.com,192.168.1.110' (RSA) to the list of known hosts.

 root@node2.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node2.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node3.yinzhengjie.com

 The authenticity of host 'node3.yinzhengjie.com (192.168.1.115)' can't be established.

 RSA key fingerprint is :a4:bf:f7:b7::e7:e6:ce::bb:8f:e7:d8:e5:.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node3.yinzhengjie.com,192.168.1.115' (RSA) to the list of known hosts.

 root@node3.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node3.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#
 
c>.验证是否配置成功
 [root@yinzhengjie ~]# ssh node1.yinzhengjie.com

 Last login: Fri Oct  ::  from 192.168.1.161

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.105

 [root@yinzhengjie ~]# logout

 Connection to node1.yinzhengjie.com closed.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]#
四.ansible简单应用
1.检查所有定义的主机是否在线
 [root@yinzhengjie ~]# ansible all -m ping

 node3.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 [root@yinzhengjie ~]#
2.查看所有定义的主机的时间
 [root@yinzhengjie ~]# ansible all -m command -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#
3.检查所有定义的主机的http服务是否正常
 [root@yinzhengjie ~]# ansible all -m command -a 'service httpd status'

  [WARNING]: Consider using service module rather than running service

 node1.yinzhengjie.com | SUCCESS | rc= >>

 httpd (pid  ) is running...

 node3.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 node2.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 [root@yinzhengjie ~]#
4.拷贝本地文件到定义的服务器群组
 [root@yinzhengjie ~]# ansible dbservers -m copy -a "src=/root/ansible-2.3.2.0-1.el6.noarch.rpm dest=/tmp/"

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.1-53916243211948/source",

     "state": "file",

     "uid":

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.18-246525313248421/source",

     "state": "file",

     "uid":

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible dbservers -a "ls /tmp"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_46ihbB

 keyring-Dp3ZRf

 ks-script-VsmDKH

 ks-script-VsmDKH.log

 orbit-gdm

 orbit-root

 pulse-qotd3GsczqPx

 pulse-sxkC9wDU7bP6

 vgauthsvclog.txt.

 virtual-root.mMq8ds

 vmware-config0

 VMwareDnD

 vmware-root

 yum.log

 node2.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_KZ8J1M

 keyring-pUri5c

 orbit-gdm

 orbit-root

 pulse-UgBUKbuMXzGR

 [root@yinzhengjie ~]#
5.定义周期计划任务的模块
 [root@yinzhengjie ~]# ansible all -m cron -a 'name="yinzhengjie is good boy" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.cn.pool.ntp.org"'

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "crontab -l"

 node2.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node3.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node1.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 [root@yinzhengjie ~]#
 
6.给所有定义的主机创建组
 [root@yinzhengjie ~]# ansible all -m group -a "gid=306 system=yes name=yinzhengjie520"

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "tail -1 /etc/group"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node1.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node2.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 [root@yinzhengjie ~]#
 
五.ansible模块
  关于ping,date等一些命令其实都是ansible所对应的模块,因此,我们熟悉它的常用模块(ansible支持上千多个模块)还是很有必要的。用下面的命令就可以查看其支持的模块的使用方式。
1.查看ansible支持的模块个数
[root@yinzhengjie ~]# ansible-doc -l | wc -l
1039
[root@yinzhengjie ~]#
2.查看ansible对某个模块的帮助
[root@yinzhengjie ~]# ansible-doc -s copy
3.指点迷津
  想要学好ansible这个开源工具,需要熟练掌握YAML,palybook,corosync集群,crmch和pcs的使用方式。生产环境中我用不到这些。我用ansible就是因为生产环境中有50台服务器需要安装zabbix_agent服务器。听朋友介绍这个软件好使,就来研究一下。我的思路就是用ansible命令来管理所有主机,当然我会把shell安装脚本分发到各个服务器上去。帮我执行任务即可。
 
 
 

ansible指路篇-安装及基本命令使用的更多相关文章

  1. Ansible第一篇:介绍及安装

    Ansible介绍 Ansible是个什么东西呢?官方的title是"Ansible is Simple IT Automation"--简单的自动化IT工具.ansible基于P ...

  2. python Django教程 之 安装、基本命令、视图与网站

    python  Django教程  之 安装.基本命令.视图与网站 一.简介 Django 中提供了开发网站经常用到的模块,常见的代码都为你写好了,通过减少重复的代码,Django 使你能够专注于 w ...

  3. 自动化运维工具之 Ansible 介绍及安装使用

    一.初识Ansible 介绍: Absible 使用 模块(Modules)来定义配置任务.模块可以用标准脚本语言(Python,Bash,Ruby,等等)编写,这是一个很好的做法,使每个模块幂等.A ...

  4. 【OpenCV入门指南】第一篇 安装OpenCV

    http://blog.csdn.net/morewindows/article/details/8225783/ win10下vs2015配置Opencv3.1.0过程详解(转) http://ww ...

  5. ansible自动化工具安装和简单使用

    ansible自动化工具安装和简单使用 1.安装 ansible依赖于Python 2.6或更高的版本.paramiko.PyYAML及Jinja2. 2.1 编译安装 解决依赖关系 # yum -y ...

  6. ansible示例,离线安装etcd

    一.基础介绍 ========================================================================================== 1. ...

  7. Ansible介绍及安装部署

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

  8. ansible介绍和安装

    ansible是由 Python 编写的强大的配置管理解决方案,ansible 的特点就在于它的简洁与高效率 ansible与其他的配置管理工具不同点在于:不需要你在想要配置的每个节点上安装自己的组件 ...

  9. ansible入门一(Ansible介绍及安装部署)

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

随机推荐

  1. cglib 动态代理

    JDK的动态代理比较慢,可以使用cglib的代理,速度比较快: package cn.demo02; import java.lang.reflect.Method; import java.util ...

  2. Oracle系列(二): Oracle表的外键查询

    在执行数据库删除操作时,外键关联是令我们最烦的一个东西,有了外键关联,就不允许随意删除数据,那么怎知道这个外键关联度的外键属于那个表? select * from user_cons_columns ...

  3. 分布式版本控制系统Git的安装与使用 第二次作业

    (本次作业要求来自:https://edu.cnblogs.com/campus/gzcc/GZCC-16SE1/homework/2103) 一.安装Git bash软件和安装notepad++ 二 ...

  4. Docker中安装Nexus3

    https://blog.csdn.net/sqandczm/article/details/78560710 https://hub.docker.com/r/sonatype/nexus/ htt ...

  5. windows上面链接使用linux上面的docker daemon

    1. 修改linux 上面的 docker的 配置文件. vim /usr/lib/systemd/system/docker.service 注意 这个是centos的路径 发现ubuntu的路径不 ...

  6. 无法获得锁 /var/lib/dpkg/lock

    sudo rm /var/cache/apt/archives/lock sudo rm /var/lib/dpkg/lock

  7. 关于EXCEL if、countif 在查找数据的用法

    最近被其他部门的同事教导使用excel.突然觉得以前用代码切来切去的东西,和频繁比对的数据原来是用excel就能那么方便的算出,瞬间感觉打开了新世界的大门. 先说if和countif结合使用,来判断一 ...

  8. Java代码封装redis工具类

    maven依赖关系: <dependency> <groupId>redis.clients</groupId> <artifactId>jedis&l ...

  9. flask再学习-思考之怎么从数据库中查询数据在页面展示!

    看别人视频觉得很简单,要自己做蒙蔽了!这样子.NO! 1. 流程: 首先要有和数据库连接的驱动!一般有PYMySQL mysqlclient 等 使用扩展Flask-SQLAlchemy 获得orm对 ...

  10. BZOJ4764弹飞大爷——LCT

    题目描述 自从WC退役以来,大爷是越来越懒惰了.为了帮助他活动筋骨,也是受到了弹飞绵羊一题的启发,机房的小伙伴们 决定齐心合力构造一个下面这样的序列.这个序列共有N项,每项都代表了一个小伙伴的力量值, ...